Privacy Audits: A Practical Approach to Privacy

In her novel, Everybody’s Autobiography, Gertrude Stein famously lamented “there, there is no there there.”  Stein was referring to the house in Oakland, California in which she had grown up and no longer existed.  Since then, Stein’s oft quoted line has become a metaphor for that which is lacking; an absence; a signifier with no signified.

Privacy, a term often bandied about, has become overused to the point that its definition has become ethereal, its “there” uncertain. It’s also a hot topic, a buzz word for personal information that is off limits. But without a more practical understanding of the types of personal information collected, stored and shared, organizations are at risk to not adequately address privacy in their day-to-day activities and practices. When it comes to privacy, it is imperative to put the house in order.

Failing to address privacy  can have serious consequences. I counsel clients that no network is ‘breach proof’ and often note that it’s not a question of whether a network can be breached, but rather when it will be breached.  To this point, as reported by the Identity Theft Resource Center, the “number of U.S. data breaches tracked in 2014 hit a record high of 783 in 2014…[t]his represents a substantial hike of 27.5 percent over the number of breaches reported in 2013 and a significant increase of 18.3 percent over the previous high of 662 breaches tracked in 2010.”  As the recent breach at Sony has dramatically shown, the threat posed by the theft of donor or constituent information, or even the organization’s data including private employee information, can have a devastating impact upon operations, finances and the reputation of that organization.

Given this, it is prudent to consider implementing practices that minimize these risks. The good news is that many breaches are avoidable and mitigating privacy risk doesn’t have to be too great a drain on resources. Implementing certain safeguards and practices today will limit the likelihood and minimize the impact of a data breach.  The first step is to perform a privacy audit to conceptualize, legitimize and institutionalize privacy within the organization.

A privacy audit is essentially a process to identify, across the organization, the types of personal information collected, the ways in which it is protected, and with whom such information is shared.   The following risk assessment methodology is a good place to start.

  • Inventory    Locate the places in the organization (and vendors operating on its behalf) that house/store Personally Identifying Information (“PII”), identifying both electronic files/databases and physical files.
  • Safeguards    Assess the safeguards in place – including the physical, administrative and technical controls – and whether they are adequate and reasonable considering the type of PII being stored (SSN vs. email address for example might have different levels of protection).
  • Gaps  Determine the compliance gap – essentially the difference between that what it should be doing, and the organizations actual practices.
  • Risk Assessment    For most organizations there will be a number of gaps.  As a first step, for the PII held in various locations and with various vendors, assess the risk of non-compliance, determine the impact of non-compliance and likelihood of risk occurrence, and use this to help prioritize compliance efforts.
  • Remediation   Depending upon the finding/conclusions in the previous steps, remediation should be a joint effort among various members of the organization to address and remedy any identified shortfalls/gaps.

The above are general guidelines –a more detailed checklist is more helpful in guiding organizations through the audit process. In future posts, I will offer tips in working with vendors who collect, store and/or hold PII on behalf of an organization.  In the meantime, a privacy audit should be considered as a critical first step in getting the privacy “house” in order.

Share this Post

Related Posts

perlman & perlman philanthropic sector law firm blue logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

LSU Foundation
Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA

perlman & perlman philanthropic sector law firm blue logo

click to exit page

news & events

Our attorneys’ recent contributions to the media and nonprofit sector publications.

news & events

Check out our attorneys’ recent contributions to the media and industry publications.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation

Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
American Rivers
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

Culture & Values

Vision

We view our clients as partners that share our commitment to bring about change in the world. Our goal is to provide them the peace of mind of knowing that they are in compliance with their legal obligations and to further empower them to achieve positive social impact and financial success.

Our Mission

Our mission is to provide the highest quality, integrity-driven legal services to our clients, using a practical, consultative, client-focused approach to identify and respond to problems and challenges.

We strive to maintain a culture characterized by respect, opportunity, diligence, mutual empowerment, entrepreneurship, and fair reward for efforts made on behalf of clients and the firm.

Perlman & Perlman is a Certified B Corporation

Certified B Corporations use the power of business to solve social and environmental problems. B Corps are unlike traditional businesses because they

  • Meet comprehensive and transparent social and environmental performance standards
  • Meet higher legal accountability standards
  • Build business constituency for good business